UNIVERSITY OF MASSACHUSETTS LOWELL

DEPARTMENT OF COMPUTER SCIENCE

91.460.201 and 91.530.202 Special Topics: Digital Forensics

Fall 2012  

Instructor:

Dr. Xinwen Fu

Office: 

203 Olson Hall

Phone: 

(978) 934-3623

E-Mail: 

xinwenfu@cs.uml.edu         

Homepage: 

http://www.cs.uml.edu/~xinwenfu

Office Hours: 

Mon., Wed. 3:30PM ~ 5:00PM

 

Course Name:

91.460.201 and 91.530.202 Special Topics: Digital Forensics

Credits:

3.00

Duration:

9/5/2012 - 12/10/2012

Time:

TuTh 3:30PM - 4:45PM

Location:

OLS-401 (Olsen Hall 401 - NC)

COURSE DESCRIPTION

Identifying, preserving and extracting electronic evidence. Students learn how to examine and recover data from operating systems, core forensic procedures for any operating or file system, understanding technical issues in acquiring computer evidence and how to conduct forensically sound examinations to preserve evidence for admission and use in legal proceedings.

COURSE PREREQUISITES:

The class is open to students with basic computer science knowledge. The following knowledge will help your study.

1. Linux (Ubuntu and Fedora Core) and Windows - basic use and software installation.

2. Knowledge of networks

3. Creative thoughts

DESCRIPTION OF INSTRUCTIONAL METHODS

Class Preparation

1. The course web site is located within Blackboard Vista, which will be available around one week after the school starts. Follow this instruction to log into Blackboard.

2. Lecturing is based on the textbook with learning materials provided.

3. Security techniques may be practiced in the lab.

4. You will be expected to be prepared for class, and you must complete the assignments by the due dates.

COURSE REQUIREMENTS

Textbooks (Required):

NOTE: Do NOT buy the kindle version since it does not have the CD required for this class. The paperback version has the required CD in it.

Bill Nelson, Amelia Phillips, and Christopher Steuart, Guide to Computer Forensics and Investigations, 4th Edition, 2010, ISBN-10: 1435498836, Click here to the publisher.

Supplementary Materials (Not Required):

1. Orin S. Kerr, Computer Crime Law, 2d (American Casebook), West, October 23, 2009

2. Sara Baase, A Gift of Fire: Social, Legal, and Ethical Issues for Computing Technology (4th Edition), Prentice Hall, August 5, 2012

Class Attendance Policy

Students should attend the class in the classroom.

Cheating and Plagiarism Policy

All forms of academic dishonesty will result in an F for the course and notification of the Academic Dishonesty Committee.  Academic dishonesty includes (but is not limited to) plagiarism, copying answers or work done by another student (either on an exam or assignment), allowing another student to copy from you, and using unauthorized materials during an exam.

Make-up Exams

1. Make-up exams will only be given in case of serious need and only when the instructor is notified prior to the exam time. If this is not done, the grade is automatically zero for that exam/quiz.

2. Written verification for the student's inability to take an exam will be required.

3. The make-up exams will be different from those given to the class.

COURSE GOALS

1. Learn About The Field Of Computer Forensics

We will learn about the emerging field of Computer Forensics - the science of obtaining and analyzing evidence from computers. This evidence may be found on storage devices, such as hard drives, which are confiscated under warrant from personal or professional computers; or it may be found by traces of activity on computer networks. We will learn the tools and process of Computer Forensics.

2. Learn Computer and Networking Concepts.

We will learn how computers and the Internet work so that they change rapidly, you can understand the changes. Specific topics include how computer hardware and software work, what data formats are, how network hardware works and how the Internet works.

3. Investigate Legal and Ethical Issues Involving Computer Forensics

We will explore what kind of crimes computer forensics specialist investigate, and learn about what information gathering is legal/illegal and ethical/unethical. As technology emerges and changes so quickly, many of the aspects of these laws and guidelines are still being developed, which will make for an interesting academic exploration of the issues.

 EVALUATION PROCEDURES

 Components of Course Grade:

Assignments (5~10)

50%

Midterm

20%

Final Project

30%

 Grade Scale

90-100

A -

85 ~ 89.9

B +

80 ~ 85.9

B

75 ~ 79.9

B-

70 ~ 74.9

C+

65 ~ 69.9

C

  60 ~ 64.9

C-

55 ~ 59.9

D

50 ~ 54.9

F

below 50

Homework Assignments

1. All assignments are to be turned in on or before the due date and time. If you try and cannot turn in an assignment electronically because the campus network is down, you will not be penalized.

2. An assignment turned in up to 24-hours late will be reduced by 10% of the assignment's worth, more than 24 hours late will be reduced 100%.

3. The due date and time for each assignment will be specified on assignment postings.

4. All assignments are expected to be individually and independently completed. Should two or more students turn in substantially the same solution or program, in the judgment of the instructor, the assignment will be given a grade of zero. A second such incident will result in an F grade for the course.

Exams

1. Exams are based on textbooks, supplemented materials, and assignments.

2. All exams are take-home, but timed.

3. The tentative exam format will be true/false, multiple choice, fill-in-the-blanks, programs, and/or short essays.

Projects

1. Each member of this class is required to join a team of at most 3 persons. A team must have a team leader coordinating the communication with members and the instructor.

2. Each team must be formed within 2 weeks from the semester start and the team leader will report the list of members to the instructor once the team is formed.

3. Team work is encouraged since all members of a team will receive the same score based on the entire team's performance for team projects.

4. Some of the projects will be performed within a closed laboratory.


 
TENTATIVE CLASS SCHEDULE

The schedule may be adjusted based on the actual progress in the semester. We thank Dr. Yong Guan for sharing many of his materials.

Order

Topics

Readings

Assignment

Data

Module 1 Introduction to Digital Forensics    

 

Module 2 Laws and Ethics    

 

Module 3 Computer Forensics    

 

Module 4 Network Forensics